ICYMI more writeup on how the facebook security issue from two weeks ago was discovered and also now currently being dealt with: https://t.co/LSLPEpYdKO

it's actually pretty fascinating from the perspective of if you think privacy is just about access control; the problem of access control on granular data like this with settings for variability (how private is private) coupled with social graphs makes reasoning pretty hard.

interestingly there is some existing research about modeling this as a formalized privacy language such that you can do checks against that language. the difficulty comes from autogenerating the language based on existing rules, and porting over to use the language.